CVE-2024-38276
MEDIUM5.4EPSS 0.27%Moodle CSRF risks due to misuse of confirm_sesskey
發布日:2024/6/18修改日:2024/8/9
描述
Incorrect CSRF token checks resulted in multiple CSRF risks.
受影響套件(2)
- Bitnami/moodlefrom 0, < 4.1.10, >= 4.2.0, < 4.2.8, >= 4.3.0, < 4.3.5, >= 4.4.0, < 4.4.1
- Packagist/moodle/moodle>= 4.4.0-beta, < 4.4.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
參考連結(23)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-38276
- PATCHhttps://github.com/moodle/moodle
- WEBhttps://github.com/moodle/moodle/commit/093aedf79889114d004495f05969168b646b0285
- WEBhttps://github.com/moodle/moodle/commit/137d311fd1354c679b974633512a771e6e0559a1
- WEBhttps://github.com/moodle/moodle/commit/30fadc3686fa7490860a0bd87a29636139dfb371
- WEBhttps://github.com/moodle/moodle/commit/31ced0851189a6879e4cd27c7e65d21dd9d6e87e
- WEBhttps://github.com/moodle/moodle/commit/57f20b6cb352893871c3afdfa8a4c09a96e16764
- WEBhttps://github.com/moodle/moodle/commit/756090ed79aa056d0b5f58e7a1dff67f139f76b4
- WEBhttps://github.com/moodle/moodle/commit/9af9711c0a78ebad87d49bcb369ff813bc57d0a7
- WEBhttps://github.com/moodle/moodle/commit/a0d8c025f732d5c18a2b9d1a8e5cbee35dce86f4
- WEBhttps://github.com/moodle/moodle/commit/c18b59808cefe7b54c85dce6bf2cc71601080667
- WEBhttps://github.com/moodle/moodle/commit/c1aacb3e2884ea4dcc221c5ef2e449ce345f78ae
- WEBhttps://github.com/moodle/moodle/commit/c5b1604e8136db6d72057dd8052955058489206c
- WEBhttps://github.com/moodle/moodle/commit/da8e8cee6ffaf7c184eded97e1016f20c9de0561
- WEBhttps://github.com/moodle/moodle/commit/dc84fcfab06a4a0fe37797b8422e9fe3a1031c3e
- WEBhttps://github.com/moodle/moodle/commit/e1dab5f38166a2ff62983178f7bf8f0ed3a61090
- WEBhttps://github.com/moodle/moodle/commit/e23f603c41055ab92f9b430cf0e7a54b4e120f95
- WEBhttps://github.com/moodle/moodle/commit/f2807dee5bc777d9c58b7a70cba6e4c21ee02ea1
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
- WEBhttps://moodle.org/mod/forum/discuss.php?d=459501